Hacker News: dralley

New comment by dralley in "Azure Linux 4.0 is Microsoft's first general-purpose Linux"

dralley — Sat, 06 Jun 2026 00:44:30 +0000

The thing is that if step 2 isn't proprietary, but rather more open source code, then it's not "extinguish" it's just garden variety open source competition.

Update on supply chain compromise of Red Hat cloud-services NPM packages

dralley — Wed, 03 Jun 2026 16:52:29 +0000

Article URL: https://access.redhat.com/security/vulnerabilities/RHSB-2026-006

Comments URL: https://news.ycombinator.com/item?id=48386474

Points: 3

# Comments: 0

New comment by dralley in "Bun has been converted to rust. Now what?"

dralley — Wed, 03 Jun 2026 12:45:04 +0000

Considering a substantial fraction of the commit history since then has been removing those instances of "unsafe" not all of are actually usages of "unsafe" (seems like there are a fair number of functions / types with unsafe in the name but not the signature), is that actually still true?

And if nothing else Rust forces you to document where they are, which isn't nothing.

RHSB-2026-006 Supply chain compromise of RedHat-cloud-services NPM packages

dralley — Tue, 02 Jun 2026 12:20:09 +0000

Article URL: https://access.redhat.com/security/vulnerabilities/RHSB-2026-006

Comments URL: https://news.ycombinator.com/item?id=48369265

Points: 2

# Comments: 0

New comment by dralley in "Malicious npm packages detected across Red Hat Cloud Services"

dralley — Mon, 01 Jun 2026 13:58:15 +0000

How would that help? These are not general purpose, base system libraries, these are libraries specific to a product that uses them. Either you're not using them and hence they would not be installed in the first place, or you're using them because you have the product installed.

Though I would expect that Insights uses RPM packages to ship components and not the public NPM packages.

New comment by dralley in "That Methyl Methacrylate Tank"

dralley — Wed, 27 May 2026 00:35:51 +0000

Typically BLEVE is used in a petrochemical context, where the hot "boiling liquid, expanding vapor" ignites on contact with oxygen.

New comment by dralley in "Performance of Rust Language [pdf]"

dralley — Tue, 26 May 2026 20:32:09 +0000

There are a number of compiler performance enhancements (and correctness improvements) that are being worked on that are kind of at a chokepoint behind some other piece of work. Unfortunately it's not that easy to discern what state they're in or how quickly they're making progress.

At some point though a lot of work will be able to start advancing at once, so long as people exist to do the work.

e.g. https://rust-lang.github.io/rust-project-goals/2026/parallel...

New comment by dralley in "FBI director's Based Apparel site has been spotted hosting a 'ClickFix' attack"

dralley — Mon, 25 May 2026 12:03:58 +0000

And yet, that hasn't translatd into additional support for Ukraine. In fact, Russian oil sanctions are lifted for the second month in a row, and Congress Republicans haven't put a Russian sanctions bill on the table because Trump doesn't want one.

New comment by dralley in "FBI director's Based Apparel site has been spotted hosting a 'ClickFix' attack"

dralley — Sat, 23 May 2026 03:10:13 +0000

The existence of other influences does not diminish the fact that Trump is enamored with Putin (and most "strong man" dictators generally, but Putin in particular) and it does impact his foreign policy decisions and those of his administration (Hegseth straight up canceled weapons shipments to Ukraine for 2 weeks in the aftermath of the Oval Office meeting thinking it would please the boss).

New comment by dralley in "Lost Images from the 1945 Trinity Nuclear Test Restored"

dralley — Thu, 21 May 2026 12:56:24 +0000

Because that's exactly what it was. I agree with you, the puritanism around special effects doesn't make sense when there's plenty of high quality archival footage out there, and instead of using that or CGI to look similar, you do something that looks completely wrong.

New comment by dralley in "Bun Rust rewrite: "codebase fails basic miri checks, allows for UB in safe rust""

dralley — Fri, 15 May 2026 18:43:37 +0000

If you use unsafe improperly, it is possible to encounter UB in "safe" code which relies on the unsafe code being correct.

New comment by dralley in "Bun Rust rewrite: "codebase fails basic miri checks, allows for UB in safe rust""

dralley — Fri, 15 May 2026 18:38:03 +0000

>There are well-known tools in the Rust ecosystem that detect this kind of error

Yes, tools like Miri, which this very post is about.

New comment by dralley in "Mythos Finds a Curl Vulnerability"

dralley — Mon, 11 May 2026 13:24:52 +0000

There is a significant difference between being able to see one flaw and being able to chain together multiple disparate flaws, to be fair.

New comment by dralley in "Louis Rossmann offers to pay legal fees for a threatened OrcaSlicer developer"

dralley — Sun, 10 May 2026 15:48:40 +0000

As a matter of fact he has mentioned that one of the Jacob's Ladder videos was the only time he messed up and came close to actually electrocuting himself (by reflexively trying to grab the leads as they fell off a table). Otherwise all of the shocks are "calculated" to be nonharmful.

New comment by dralley in "Bun's experimental Rust rewrite hits 99.8% test compatibility on Linux x64 glibc"

dralley — Sat, 09 May 2026 23:03:15 +0000

Not really though. That's like saying that no language is "safe" because the compiler could have a bug.

It's true that safe wrappers around unsafe code sometimes have bugs in them, but it's orders of magnitude easier to get the abstraction right once than to use unsafe correctly in many places sprawled across a large codebase.

New comment by dralley in "You gave me a u32. I gave you root. (io_uring ZCRX freelist LPE)"

dralley — Fri, 08 May 2026 23:41:07 +0000

A tiny fraction of programs need to use win32 or Mac OS functions beyond the standard library or other safe wrappers for said functions.

New comment by dralley in "Maybe you shouldn't install new software for a bit"

dralley — Fri, 08 May 2026 00:50:00 +0000

I have had none of those issues on Fedora 44, FWIW.

New comment by dralley in "Supreme Court to hear arguments in landmark Roundup weedkiller case"

dralley — Mon, 27 Apr 2026 16:07:27 +0000

Still probably the safest herbicide, mainly because the competition (organophosphates, etc.) is so much worse.

New comment by dralley in "Mozilla: Anthropic's Mythos found 271 security vulnerabilities in Firefox 150"

dralley — Tue, 21 Apr 2026 23:44:59 +0000

> Elite security researchers find bugs that fuzzers can’t largely by reasoning through the source code. This is effective, but time-consuming and bottlenecked on scarce human expertise. Computers were completely incapable of doing this a few months ago, and now they excel at it. We have many years of experience picking apart the work of the world’s best security researchers, and Mythos Preview is every bit as capable. So far we’ve found no category or complexity of vulnerability that humans can find that this model can’t.

New comment by dralley in "The abandoned war: Why no one is stopping the genocide in Sudan"

dralley — Tue, 21 Apr 2026 13:56:47 +0000

From moral perspective, the same entities (UAE, Qatar) who have done the most to raise the profile of the I/P conflict with funds and media campaigns are directly funding and sending weapons to the parties responsible for the genocide in Sudan.

Which has much clearer properties of "genocide" than the I/P war, and killed 3 times as many people in the same timeframe despite having far more primitive and less powerful weaponry involved.

>> In the first three days of the capture, at least 6,000 killings were documented. 4,400 inside the city. 1,600 more along escape routes. The UN writes explicitly that the actual death toll from the week-long offensive was “undoubtedly significantly higher”. The governor of Darfur spoke of 27,000 killed in the first three days alone. The Khartoum-based think tank Confluence Advisory estimated 100,000. The Yale Humanitarian Research Lab assessed that of the 250,000 civilians remaining in the city, nearly all had been killed, died, been displaced, or were in hiding.

>> RSF fighters, according to survivor testimony, said things like “Is there anyone Zaghawa here? If we find Zaghawa, we will kill them all” and “We want to eliminate anything black from Darfur”. Men and boys under 50 were specifically targeted, killed or abducted. Women and girls of the Zaghawa and Fur communities were systematically raped, often in groups, sometimes for hours or days. Those perceived as Arab were often spared.”